Extracted

• • Target

    c5ea00ea5973347d54d66f12fb5ee242_JaffaCakes118

  • Size

    3.3MB

  • MD5

    c5ea00ea5973347d54d66f12fb5ee242

  • SHA1

    9ce9fe05b746d949ac3095c7b8ed70a34948a0e5

  • SHA256

    36fe56519a798213116d5f7328fa81ef7c550f4f14c36e7f30c330bdd6d7d42e

  • SHA512

    a6061f6d4b22f3e6561da3e2e27bbdf6e0e9ec812c2e584812d9e684c7e9dfb54c6454a8d818e65d82d89aa17e45d95a15e64e88e8ff33eab6fa284a68a1fe0f

  • SSDEEP

    49152:Fq3j/91Zrb/TNvO90dL3BmAFd4A64nsfJeomo3d4jMQPvFPL8bg11VgjoCfEJZD1:FG91LomuSBPvqi4B

  Score

  10^/10

  hivedefense_evasionevasionexecutionimpactransomwarespywarestealertrojan

  • Deletes Windows Defender Definitions

    Uses mpcmdrun utility to delete all AV definitions.

    evasion

  • Disables service(s)

    evasionexecution

  • Hive

    A ransomware written in Golang first seen in June 2021.

    ransomwarehive

  • Hive family

    hive

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Modifies security service

    evasion

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Command and Scripting Interpreter: PowerShell

    Using powershell.exe command.

    execution

  • Modifies Security services

    Modifies the startup behavior of a security service.

    defense_evasion
  behavioral1behavioral2